Abstract
In this paper we consider low-latency connection-based anonymity systems which can be used for applications like web browsing or SSH. Although several such systems have been designed and built, their anonymity has so far not been adequately evaluated.
We analyse the anonymity of connection-based systems against global passive adversaries. We give a precise description of a packet-counting attack which requires a very low degree of precision from the adversary, evaluate its effectiveness against connection-based systems depending on their size, architecture and configuration, and calculate the amount of traffic necessary to provide a minimum degree of protection. We then present a second attack based on tracking connection starts which gives us another lower bound on traffic volumes required to provide at least some anonymity.
Cite this article
Serjantov, A., Sewell, P. Passive-attack analysis for connection-based anonymity systems. Int J Inf Secur 4, 172–180 (2005). https://doi.org/10.1007/s10207-004-0059-3
DOI: https://doi.org/10.1007/s10207-004-0059-3